Lucene search
MongodbCVELIST:CVE-2018-20802HistoryNov 23, 2020 - 3:15 p.m.
CVE-2018-20802 Post-auth queries on compound index may crash mongod
2020-11-2315:15:18
CWE-394
mongodb
www.cve.org
3
mongodb
denial of service
compound index
queryplanner
cve-2018-20802
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
29.8%
A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects MongoDB Server v3.6 versions prior to 3.6.9 and MongoDB Server v4.0 versions prior to 4.0.3.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "MongoDB Server",
"vendor": "MongoDB Inc.",
"versions": [
{
"lessThan": "3.6.9",
"status": "affected",
"version": "3.6",
"versionType": "custom"
},
{
"lessThan": "4.0.3",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
}
]References
Related
nvd
nvd
CVE-2018-20802
2020-11-23 16:15:12
mongodb
mongodb
Post-auth queries on compound index may crash mongod
2020-11-30 14:00:00
osv
osv
CVE-2018-20802
2020-11-23 16:15:12
openvas
openvas
MongoDB 3.6 < 3.6.9, 4.0 < 4.0.3 DoS Vulnerability - Windows
2020-12-02 00:00:00
MongoDB 3.6 < 3.6.9, 4.0 < 4.0.3 DoS Vulnerability - Linux
2020-12-02 00:00:00
debiancve
debiancve
CVE-2018-20802
2020-11-23 16:15:00
cve
cve
CVE-2018-20802
2020-11-23 16:15:12
prion
prion
Design/Logic Flaw
2020-11-23 16:15:00
redhatcve
redhatcve
CVE-2018-20802
2020-11-23 20:51:38
ubuntucve
ubuntucve
CVE-2018-20802
2020-11-23 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
29.8%
Related for CVELIST:CVE-2018-20802